The 2011 Gartner Security & Risk Management brochure is now available. Featuring more than 100+ sessions, 4 complete programs including Security, Risk/Compliance, CISO and Business Continuity Management. For details, please visit www.gartner.com/us/securityrisk

1. Gartner
Security & Risk
Management
Summit 2011
June 20 – 23
National Harbor, MD (Washington, D.C. area)
gartner.com/us/securityrisk
Security and Risk Intelligence: The Next
Step in Improved Business Performance
Intelligence for today’s business-critical
security function:
• Mobile applications and security
• Advanced persistent threats
• Cloud computing and security
• Consumerization
• Securing the virtualized data center
Early-bird savings Save $300 when you register by April 29

2. Overview
Who should Prepare to benefit from new
attend security intelligence capabilities
The Gartner Security & Risk Management Summit
• CIO, CSO, CISO, CRO, CFO,
CCO, CGO, CPO is the premier gathering for senior IT and business
and CTOs executives across the breadth of IT security and risk
• IT vice presidents/directors management, including privacy, compliance, business
continuity management, IT disaster recovery and
• Governance, risk, compliance,
and privacy executives
business resiliency.
• Senior business executives Four complete programs—IT Security, Risk
Management, Business Continuity Management and
• General counsel
CISO—deliver:
• Finance, audit, legal risk and
compliance and regulators • More than 100 drill-down sessions across four
• Enterprise and operational programs and eight virtual tracks.
risk managers • 15 analyst-led roundtable discussions, 8 workshops,
• Continuity of operations keynotes, case studies and more.
• Crisis management • Analyst one-on-one meetings.
• Disaster recovery • CISO Invitational Program.
• IT infrastructure, network
• NEW! CRO Invitational Program.
and operation
This year’s theme explores new business intelligence
Hot being generated by next-generation security
topics programs—a new source of business value tied
directly to the security function. Join us to identify
• Mobile applications your next steps toward a more secure and resilient
and security
enterprise, and improved business performance.
• Social media and security
• Consumerization
• Advanced persistent threats
• The future of national
cybersecurity
• Cloud computing
and security
• Securing the virtualized
data center
• Critical infrastructure
protection
• Fraud detection
• Endpoint security
• Data loss prevention
• Identity management
• Information security metrics
22 Register by April 29 and save $300.

3. Benefits of Attending
Leverage the global expertise Earn
of Gartner analysts CPE credits
The Gartner Security and Risk Management
Attending the summit helps
Summit is unique in the industry. No other gathering you advance your continuing
brings together leading executives in IT security and professional education.
risk management, Gartner analysts, and relevant Registered participants are
solution providers for a comprehensive update on eligible to earn CPE credits
security, risk and BCM disciplines. Get the insight toward ISC2, ISACA, and
you need to: DRII Certification programs.
Learn more at
• Architect an overall security, risk management and gartner.com/us/securityrisk.
BCM strategy aligned to business needs and goals.
• Protect mission-critical infrastructure from
sophisticated new threats and deliver a more agile
and resilient enterprise.
• Benefit from new business intelligence being
generated by risk, security and BCM programs.
• Evaluate new security risks presented by SaaS,
cloud computing and virtualization.
• Understand the changing vendor universe and
make the right investments.
• Keep the board and other business leaders
informed by articulating security and risk strategy
in business language.
• Use insights from BCM, risk and security
programs for greater efficiency and improved
business performance.
• Prepare for new regulatory, compliance, privacy Table of
and e-discovery requirements. contents
• Use the latest BCM models to identify critical 2 Overview
data and processes and make your enterprise
3 Benefits of Attending
highly resilient.
4 Keynote Sessions
• Create a more risk-aware organizational culture
6 Meet the Analysts
that supports risk management initiatives.
8 Summit Highlights
9 Program Descriptions
10 Virtual Tracks
12 Agenda at a Glance
14 Solution Showcase
15 Registration
Visit gartner.com/us/securityrisk or call 1 866 405 2511. 3 3

4. Keynote Sessions
Gartner keynote
Presenter: Vic Wheatman, Managing Vice President,
Gartner Research
Today’s information security and risk management programs
are often based on a noncohesive set of technologies that
lacks comprehensive knowledge management, analytics and
planning capabilities. What is needed is a transformation to
enterprise security intelligence (ESI), enabling correlation and
impact analysis across all sources. We have learned how
to collect information, but we have not excelled at applying
knowledge. In this brief introduction, we will preview the ways
in which the conference will bring together the pieces of
information security and risk toward an ESI concept to improve
organizational performance.
Just announced! Guest keynotes
Presenter: Valerie Plame, “Outed” CIA operations officer
and best-selling author of “Fair Game”
As a covert CIA operations officer, Valerie Plame worked to
protect America’s national security and prevent the proliferation
of weapons of mass destruction. In 2003, she found herself at
the heart of a political firestorm when senior White House and
State Department officials revealed her secret status to several
national journalists—including a syndicated conservative
newspaper columnist who published her name. Plame’s
autobiography, “Fair Game: My Life as a Spy, My Betrayal by
the White House,” became a New York Times bestseller and
was recently made into a major motion picture.
Presenter: Joseph Wilson, Former U.S. ambassador,
author of “The Politics of Truth”; chairman of the board,
Symbion Power, Africa
Joseph Wilson’s historic career in international relations
spans more than three decades, with service under five U.S.
presidents: Ford, Carter, Reagan, Bush Sr. and Clinton. Widely
recognized for his diplomatic leadership, Wilson was hailed as
“a true American hero” by President George H. W. Bush for
his efforts to free more than 100 American hostages in Iraq.
The last American official to confront Saddam Hussein before
the start of the Gulf War, Wilson served as the acting U.S.
ambassador in Iraq throughout Operation Desert Shield.
4 Register by April 29 and save $300.

5. Presenter: David Pogue, Tech
Program Chairs
Columnist, The New York Times
As the tech columnist for The New York
Times, David Pogue has a front-row
seat for observing today’s blazing-fast
torrent of new inventions. Hundreds of Vic Wheatman
technologies come down the pike every year—and plenty Conference Chair,
Managing Vice President
get lots of press—but sadly, much of it is junk and some of
it carries potential security risks. Pogue will stick his neck
out to predict which will actually cause major, disruptive
changes. He’ll display, discuss and even demonstrate the
technological advances—in personal entertainment, mobile
technology, Web 2.0, security and more—that will have the F. Christian Byrnes
most impact on society in the coming years. CISO, Managing
Vice President
Security, Risk and Crisis Management
in the Coming Decade
Presenter: Michael Chertoff, Former
Secretary of Homeland Security,
Ray Wagner
2005-2009, Co-Founder and Managing IT Security, Managing
Principal, The Chertoff Group Vice President
A senior official involved in managing major crises, Michael
Chertoff will explore strategies for managing risk. Drawing
upon the his experiences as head of the criminal division of
the U.S. Department of Justice and as U.S. Secretary of
Homeland Security, Mr. Chertoff’s experience spans
Lawrence Orans
managing responses from the 9/11 attacks, the Enron and IT Security, Director
other corporate accounting scandals and natural disasters,
including Hurricane Katrina.
Mr. Chertoff will address the security challenges posed by
foreign investment in sensitive domestic industries and will
close with a focus on global vulnerabilities, including supply
French Caldwell
chain disruption and cyberwarfare. Mr. Chertoff will also Risk Management
describe lessons learned regarding preparedness as well and Compliance,
Vice President
as resiliency and response in exceptionally high-profile
media environments.
Roberta J. Witty
Business Continuity
Management,
Vice President
Visit gartner.com/us/securityrisk or call 1 866 405 2511. 5

6. Meet the Analysts
CISO IT Security
John Bace F. Christian Byrnes French Caldwell Ant Allan Dan Blum Perry Carpenter
Vice President Managing Vice Vice President and Vice President Vice President and Director
President Gartner Fellow Distinguished Analyst
Carsten Casper Ken Dulaney Jay Heiser Ken Dulaney Joseph Feiman Peter Firstbrook
Director, Gartner Vice President Vice President Vice President Vice President and Director
Consulting and Distinguished and Distinguished Gartner Fellow
Analyst Analyst
Rob McMillan John P. Morency Paul E. Proctor John Girard Trent Henry Kelly Kavanagh
Director Vice President Vice President and Vice President and Vice President Principal
Gartner Fellow Distinguished Analyst Research Analyst
Tom Scholtz Andrew Walls Jeffrey Wheatman Gregg Kriezman Ramon Krikken Avivah Litan
Vice President Director Vice President and Director Director Vice President and
and Distinguished Distinguished Analyst Distinguished Analyst
Analyst
Neil MacDonald Eric Maiwald Rob McMillan Mark Nicolett Lawrence Orans Eric Ouellet
Vice President and Vice President Director Vice President and Director Vice President
Gartner Fellow Distinguished Analyst
Earl Perkins John Pescatore Lawrence Pingree Doug Simmons Ray Wagner Bob Walder
Vice President Vice President and Research Director Vice President Managing Vice Director
Distinguished Analyst Consulting President
Andrew Walls Alice Wang Vic Wheatman Greg Young Tim Zimmerman
Director Director Consulting Managing Vice Vice President Principal Research
President Analyst
6 Register by April 29 and save $300.

7. Risk Management Business Continuity
and Compliance Management
John Bace French Caldwell Michele Cantara Ken Dulaney John Girard
Vice President Vice President and Vice President Vice President and Vice President and
Gartner Fellow Distinguished Analyst Distinguished Analyst
Carsten Casper Mark Driver Ken Dulaney Jay Heiser John P. Morency
Research Director Research Vice Vice President and Vice President Vice President
President Distinguished Analyst
Andrew Frank John F. Hagerty Jay Heiser Tom Scholtz Donna Scott
Vice President Vice President and Vice President Vice President and Vice President and
Distinguished Analyst Distinguished Analyst Distinguished Analyst
Dale Kutnick Debra Logan Mark Nicolett Jeffrey Vining Andrew Walls
Senior Vice President, Vice President and Vice President and Vice President Director
Executive Programs Distinguished Analyst Distinguished Analyst
Earl Perkins Paul E. Proctor Drue Reeves Roberta J. Witty
Research Vice Vice President and Vice President and Vice President
President Gartner Fellow Distinguished Analyst
Gartner analyst
one-on-ones
Sit down privately for 30
Tom Scholtz Steven Stokes Andrew Walls minutes with a Gartner analyst
Vice President and Managing Vice Director
Distinguished Analyst President who specializes in the topic
you’d like to discuss. To reserve
your one-on-one session,
visit the Agenda Builder at
gartner.com/us/securityrisk
or the one-on-one desk on-site
at the conference.
Visit gartner.com/us/securityrisk or call 1 866 405 2511. 7

8. Summit Highlights
Networking that delivers valuable insights
In addition to community networking breakfasts by
industry and program, lunch and evening receptions,
hospitality suites and roundtable discussions, this
year’s summit includes a special event presenting
the 2010 executive summary from Financial
Executives International, plus an Executive
Women’s Forum meet-and-greet.
End-user case studies
Gartner invites a number of end users to personally
CISO and CRO present leading-edge case studies and answer
Invitational Programs questions. It’s a unique opportunity to hear detailed
Concurrent with the summit, accounts of major implementations firsthand.
CISO and CRO Invitational
Solution provider showcase
Programs provide a forum for
Meet with today’s leading and most innovative
the exploration of top-of-mind
Ieadership, IT security, privacy solution providers across security and risk. Hear
and risk management issues their case studies, get answers to your questions
for CISOs, CSOs and CROs. and create a shortlist of top vendors.
In these intensive programs,
guest executives meet with
leading technology providers
to exchange ideas and
strategies. Participation New for 2011
includes gratis travel, hotel and Greater breadth and deeper coverage
registration and is by invitation
of key topics
only on a first-come, first-served
basis. To apply, visit Richer in both breadth and depth, the 2011 summit
gartner.com/us/securityrisk. presents more new research than ever before. The
Risk Management and Compliance program and the
IT Security program have each been expanded, with
increased focus on: enterprise and operational risk,
legal and compliance, infrastructure protection and
Analyst-user secure business enablement. Expect:
roundtables
• New research, case studies, keynotes and
Hear how your colleagues marketplace updates
from various industries tackle • More preconference tutorials, workshops and
problems similar to yours.
These small group discussions, networking by community
moderated by an analyst, • Eight virtual tracks with in-depth coverage of key
provide an informal setting for
you and your peers to share topics, including wireless, cloud, IAM and privacy
insight, challenges and • Four complete programs plus a new track—
concerns on today’s
hottest topics. Technical Insights: Security Architecture—that
focuses on improving business intelligence and
data management solutions
8 Register by April 29 and save $300.

9. Program Descriptions
Four complete programs deliver in-depth insight
across key disciplines
IT Security Program
Today’s security is about business as much as technology. From the cloud to the
network, enterprise data to remote computing, security has a direct impact on the
bottom line. In this program, we’ll address evolving trends and challenges across
security, among them:
• Mobile applications and consumerization
• Cloud computing and virtualized data centers
• Advanced persistent threats
• NEW track: Technical Insights: Security Architecture
Risk Management and Compliance Program
This program focuses on the technologies and strategies to improve governance,
manage risk and adhere to the letter and spirit of the law. Top priorities we’ll
cover include:
• Answering to the board—risk and compliance in business terms
• E-discovery and information governance
• New risks in the IT supply chain
• Risk-based approaches to privacy
CISO Program
Suited to those new to the role as well as experienced leaders updating their
knowledge base, the program addresses evolving challenges in:
• Enterprise security intelligence
• Business-IT security alignment
• Governance, policy and privacy
• Corporate risk management
Business Continuity Management Program
How does the enterprise ensure continuing operations and system availability when
something goes wrong? What is the IT disaster recovery plan? These sessions help
organizations anticipate the unanticipated and work to reinforce a discipline of continuity
in the corporate culture, a perspective that can yield added benefits in the form of
business intelligence and greater efficiencies. Key topics include:
• Cloud, mobile and social software, and disaster recovery
• Standards and certification
• Ensuring 24/7 availability
Visit gartner.com/us/securityrisk or call 1 866 405 2511. 9

10. Virtual Tracks
Virtual tracks let you follow a key trend or topic with relevant
sessions pulled from across the conference offerings.
Through the online Agenda Builder, you can also customize
any of these eight tracks to suit your own specific interests.
Visit gartner.com/us/securityrisk on your PC or mobile device
to get started.
Wireless and Security and budgets from adjacent security,
Wireless access is a factor in all future application and risk management
network and user device approaches, areas. These sessions address
bringing both new and reinvented emerging technologies that have an
wireless security challenges. This track impact on privacy, but also those
covers business-critical system and that can help to protect personal
data issues emerging from new wireless information.
technologies.
Identity and Access Management
Cybersecurity As businesses and institutions
Organized teams of hackers are mature, they must manage volatile
coordinating their efforts not only to gain and rapid change, establish effective
access to systems for purposes of data formal governance and provide
acquisition or sabotage, but to negate accountability through transparency.
remediation efforts in an attempt to IAM can enable these evolutionary
maintain that access. This track explores steps, but must itself evolve. It’s
cybersecurity issues that impact both the time for your IAM program to grow
private and public sectors. up and display the right foundation,
architecture, governance and
Cloud Computing
organization for delivering real value;
Cloud computing presents major security
we’ll examine how.
challenges as well as exciting new
opportunities in security-as-a-service and Trend Watch
cloud-based security services. In this The trend line tells us that the
track, we’ll explore the new imperative: bad guys are getting smarter, the
know your risk profile, understand the technology more evolved and
risks cloud computing can create, business practices around security,
minimize those risks, and move forward risk and compliance keep moving
appropriately. towards more maturity. Here we
forecast future trends in the domain
Privacy
to help you get, and keep, ahead of
Everybody wants privacy, but nobody
the curve.
wants to pay for it. Privacy professionals
have to tap into the technology pools
10 Register by April 29 and save $300.

11. Marketplace Review Thursday
Mergers and acquisitions, new point
workshop
solutions and the convergence of
product functionality into integrated
series
solutions all contribute to a dynamic
Dive into hands-on specifics
security, risk and compliance
in workshops covering 10
marketplace. What does that mean hot topics, from creating
for your investments and future buying key risk indicators to
decisions? Get the latest updates to help assessing your organization’s
you anticipate marketplace changes. privacy posture.
Social Media AW1. Creating a Balanced
New social media tools aid collaboration, Scorecard for Information
build brand awareness and facilitate Security Jeffrey Wheatman,
Rob McMillan (8:30 a.m.)
off-the-record communications. These
often bypass corporate filters, meaning BW1. IAM Program Maturity
that official correspondence is beyond Assessment Ant Allan,
Gregg Kreizman, Perry
enterprise control. Meanwhile, corporate
Carpenter, Earl Perkins,
and personal privacy is increasingly being
Ray Wagner (8:30 a.m.)
put at risk. What can be done about the
FW1. BCM Maturity
risks of emerging social media and how do
John P. Morency,
they balance against the opportunities?
Roberta J. Witty (8:30 a.m.)
GW1. Creating Key Risk
Indicators for Your Company
New track for IT security Paul E. Proctor (8:30 a.m.)
AW2. CRO (10:20 a.m.)
practitioners
BW2. SEC Foundational
Technical Insights: Security Architecture Building Blocks of a Data
Providing in-depth technical research and Loss Prevention Strategy
decision support tools, these sessions explore the Alice Wang (10:20 a.m.)
architecture and planning considerations for FW2. KRI Development
protecting information, building secure John P. Morency,
applications, understanding threats, auditing and Roberta J. Witty (10:20 a.m.)
monitoring activity, and managing risk associated For complete details visit
with new devices and service hosting models. gartner.com/us/securityrisk.
Session topics include:
• Developing a cloud computing security strategy
• Consumerization and security architecture
• Designing security monitoring architectures
• Application security programs
Visit gartner.com/us/securityrisk or call 1 866 405 2511. 11

12. Monday, June 20 Agenda at a Glance
11:30 a.m. Tutorial 1. Developing Next-Generation Security Metrics B Tutorial 2. Choosing the Right BCM Consultant for the Job F Tutorial 3. Fathoming the Jellyfish: Understanding the Gartner IAM S Tutorial 4. Security Markets Worldwide Lawrence Pingree B Tutorial 5. Top Security Trends and Take-Aways for 2011-2012 S Create your own customized agenda online
Jeffrey Wheatman S John P. Morency, Roberta J. Witty B Taxonomy and Capability Models Ant Allen T F Ray Wagner T Don’t miss that must-see session! Use our online
F P F F Agenda Builder to customize your summit experience
10:00 a.m. Welcome Address Vic Wheatman, Managing Vice President and Conference Chair prior to the event. Build your agenda on your PC or
10:15 a.m. Opening Keynote Michael Chertoff, Secretary of Homeland Security, 2005-2009 mobile device, sign up for RSS alerts and more at
Enterprise and Operational Managing Legal and gartner.com/us/securityrisk.
Secure Business Enablement The CISO
Infrastructure Protection Risk Management Compliance Risks
Technical Insights:
Security
Security Architecture
CISO Risk Compliance BCM Analyst-User Roundtables
11:30 a.m. B1. From Security Silos B C1. Defending the T D1. The Identity and Access B E1. Emerging Technologies T TI1. Dangerous Times: P A1. Defining the Information B G1. Selecting IT Risk Assessment P H1. The End of the Beginning and S F1. Operations Resilience: How S AUR1. Emerging Trends in Security and Risk AUR2. Tablet Security Supporting iPads in the
to Enterprise Security S Homeland: The Future of S Management Scenario A for Mobile Security John A Shared Intelligence Plays a A Security Program S Methods and Tools: A Use Case What’s Next in Compliance A Achievable Will It Be? B Management Ray Wagner Enterprise Bob Walder
Intelligence A National Cybersecurity A Gregg Kreizman S Girard, Ant Allan Vital Role Dan Blum F. Christian Byrnes, F Approach Tom Scholtz John Bace, French Caldwell John P. Morency, Donna Scott
Joseph Feiman Andrew Walls Mark A. Margevicius
12:30 p.m. Attendee Lunch and Solution Showcase Dessert Reception, Theater Showcase Presentations
2:30 p.m. B2. Adaptive, Context-Aware S C2. Cyberwar and APT: Hype T D2. Improving IAM Processes B E2. Best Practices for T TI2. Managing the Risk of S A2. Risk Assessment 101 F G2. The KRI Catalog B H2. The Future of Privacy Carsten B F2. Building Resilience Into the P AUR3. Enterprise Security Intelligence AUR4. Cloud Concerns Roundtable
Security Infrastructure and A and FUD Bob Walder S Is a Business Imperative F Owning Your Airwaves to P Using SaaS Eric Maiwald A Jay Heiser B Paul E. Proctor P Casper, Andrew Walls, John Bace S Development Life Cycle T Roundtable Joseph Feiman Lawrence Pingree
Intelligence Neil MacDonald A Earl Perkins S Provide Security, Maximize A T S F A Roberta J. Witty, John P. Morency
Performance and Mitigate
Interference Tim Zimmerman
3:45 p.m. Solution Provider Sessions
5:00 p.m. Guest Keynote Fair Game: Intelligence, Integrity, Security and Counterproliferation Valerie Plame, “Outed” CIA Operative; and Former Ambassador Joseph Wilson
6:00 p.m. Solution Showcase Evening Reception
Tuesday, June 21
7:00 a.m. Breakfast
8:15 a.m. B3. Content-Aware Data S C3. Securing the Virtualized S D3. The Future of Access T E3. Next-Generation P TI3. Develop a Cloud S A3. Report Risk to the B G3. Analytics’ Role in Managing Risk P F3. Standards Comparison: B AUR5. Talkin’ Bout My Next AUR6. Crisis Management P
Loss Prevention Trends for A Data Center: From Private A Management: the End of A Architectures for Infrastructure A Computing Security Strategy A Board…and Keep Your Job P John F. Hagerty A BS 25999, NFPA 1600 and ASIS P G-g-g-generation Firewall Greg Young John P. Morency, Donna Scott B
2011 and Beyond T Cloud to Public Cloud Point Solutions P Guest Access Dan Blum T Paul E. Proctor F SPC.1-2009 Don Byrnes F
Eric Ouellet Neil MacDonald Gregg Kreizman Tim Zimmerman
9:30 a.m. Solution Provider Sessions
10:45 a.m. B4. Critical Infrastructure S C4. How to Use the Cloud P D4. Security Information P E4. New Trends in Fraud P TI4. Consumerization and A4. An Introduction to F G4. Driving Performance and Improving P H4. Understanding the Foundations and F F4. Social Software and A AUR7. Achieving Your IT Resilience Goals T AUR8. Network Access Control Experiences
Protection, Smart Grid and A and Stay Secure A and Event Management A Detection: Grappling With the A Security Architecture Information Security Risk Management With BPM F Components of Compliance P Recovery Andrew Walls, B John P. Morency, Donna Scott Lawrence Orans
Next-Generation Threats John Pescatore Drives Enterprise Security Enemies Within and Without Eric Maiwald Architecture Tom Scholtz Michele Cantara John Bace Roberta P. Witty
Earl Perkins Intelligence Mark Nicolett Avivah Litan
11:45 a.m. Solution Showcase Lunch and Exhibits Theater Presentations
2:00 p.m. B5. iPad Data Safety P C5. Secure Web Gateways: P D5. Looking Forward: B E5. The Enterprise Social R One Giant D-L-P for Your A5. Building an Effective P G5. Ensuring Cloud Assurance S H5. Intelligent Information Governance P F5. Uptime All the Time A AUR9. TBA
Bob Walder A Intelligently Defending Against A Best Practices for User F Platform: The Newer Attack S Security Architecture Security Awareness Program F Jay Heiser A 2011 Debra Logan F Donna Scott T
the Web 2.0 Threat Peter Administration S Vector Alice Wang A Trent Henry Andrew Walls
Firstbrook, Lawrence Orans Perry Carpenter
3:15 p.m. Solution Provider Sessions
4:30 p.m. BN1. Net IT Out: Tips for P CN1. Net IT Out: Cloud P DN1. Net IT Out: Business EN1. Net IT Out: Choosing P AN1. Privacy Policy: S GN1. Net IT Out: Operational Technology S HN1. Net IT Out: Choosing Enterprise S FN1. BCM Software Marketplace P
Vendor Proposals F Performance and Security A Continuity Management User Provisioning Vendors F Structure and Content F Governance, Risk Management and F GRC Vendors French Caldwell, F Review: Emergency Mass T
Greg Young Bob Walder Planning BCMP Jeff Vining, Perry Carpenter Carsten Casper Compliance Earl Perkins Paul E. Proctor Notification Services and BCMP
Roberta J. Witty John Girard, Tom Scholtz
DN1. Business Continuity
Management Planning (BCMP)
Jeff Vining, Roberta J. Witty
4:55 p.m. BN2. Net IT Out: E-Mail P CN2. Net IT Out: Log P EN2. Net IT Out: Choosing P AN2. Managing Relationships P GN2. Net IT Out: Understanding the F HN2. Net IT Out: Choosing IT GRC P
Encryption Eric Ouellet A Management as a Service: A Fraud Detection Vendors A With Internal and External F E-Discovery Market Debra Logan S Management Vendors Mark Nicolett F
Alternatives to SIEM Avivah Litan Auditors John P. Morency
Kelly M. Kavanagh
5:30 p.m. Keynote: TBA
6:30 p.m. Hospitality Suites
Wednesday, June 22
7:30 a.m. Breakfast With the Analysts
8:30 a.m. B6. Building the Intelligent S C6. The Mobile Security Brothers D6. One Ring to Rule Them P E6. The State of Enterprise T TI6. IT1 Presentation: A6. The Care and Feeding of F G6. Enterprise and Operational Risk B H6. Supply Chain Risks in a Changing P F6. Case Study: A Modern S AUR10. Enterprise Fraud Management Roundtable Avivah Litan
Endpoint Protection Platform A Traveling Roadshow All: Intelligent Security F Data Collaboration for F Designing Security Security Policies Jay Heiser S Management: Directors Roundtable, S World Stephen Stokes Approach to Business Resiliency B
Peter Firstbrook John Pescatore, John Girard Management With Active Internal and External Needs S Monitoring Architectures What the Board Wants Dale Kutnick, Management at Lockheed
Directory Andrew Walls With EDRM, DLP, Encryption Ramon Krikken French Caldwell Martin Corporation
and Portals Eric Ouellet Nader Mehravari
9:45 a.m. Solution Provider Sessions
11:00 a.m. B7. The Glass House of P C7. How to Avoid Having a P D7. Improving IAM. Value T E7. Case Study: Ensuring TI7. IT1 Presentation: Making A7. Articulating the Business P G7. Future Scenarios for Privacy, S H7. Which Regulations Apply to Me F F7. Disaster in the Cloud A AUR11. Security Metrics Roundtable AUR12. TBA
Data Center Security A Really Bad Day: Preparing A Through Identity and Access A Privacy—Intelligently Protecting Progress in Application Value of Information Security F Advertising and Online Social Identity A French Caldwell P Jay Heiser T Jeffrey Wheatman
Greg Young For and Managing Security Intelligence Earl Perkins S Patient EMR and Medical Security Programs Tom Scholtz Andrew Frank
Incidents in a Controlled Way Identity Information Ramon Krikken
Rob McMillan Saikat Maiti, Head, Information
Security and Data Privacy,
Varian Medical Systems
12:00 p.m. Solution Showcase Lunch and Exhibits Theater Presentations
1:30 p.m. B8. Hey Boss, I Need P C8. Vulnerability S D8. Improving Identity T E8. Embrace Emerging IAM A TI8. Stop Worrying and A8. What to Do When a P G8. Critical Strategies to Manage Risk S H8. Negotiating and Managing Cloud P F8. Modernizing Recovery Into A AUR13. Mobile Applications and Recovery Roberta J. Witty, John Girard T
Another Network Security A Management for Emerging A Assurance: Best Practices for F Administration and Intelligence P Embrace SharePoint Security Lawyer Is Not Around F and Maximize Business Value of Open F Legal and Liability Issues A Resilience John P. Morency T
Tool Lawrence Orans, Threats and Technologies User Authentication P Trends to Improve Time-to- Features Trent Henry John Bace Source Within the Enterprise Drue Reeves
John Pescatore Mark Nicolett Ant Allan Value Perry Carpenter Mark Driver
2:45 p.m. Solution Provider Sessions
4:00 p.m. B9. Case Study: Oil Company S C9. Data Encryption for P D9. Assessing Risks in Social P E9. Managing Identity in the T A9. The Future of GRC S G9. Case Study: Best Practices in P H9. Managing Vendors and Their Risks P F9. Case Study: Mobile P AUR14. TBA AUR15. TBA
Builds Security Program Using A Compliance and Information F Collaboration Software A Cloud Greg Kreizman F French Caldwell A E-Discovery Debra Logan F to Your Business French Caldwell F Technologies in Disaster Recovery T
Tools and Governance Doug Governance Eric Ouellet Andrew Walls P John Girard
Simmons, Gartner Consulting
5:15 p.m. Guest Keynote Disruptive Tech: What’s New, What’s Coming, How It Will Change Everything and Is It Secure? David Pogue, Technology Columnist, The New York Times
Thursday, June 23
9:00 a.m. GS1. Pocket Power: Reap the Benefits of Mobile Evolution While Managing Risk Ken Dulaney
10:20 a.m. GS2. Col. Lindley Johnson, NASA’s Near-Earth Objects Observations Program Executive See page 11 for our Thursday Workshop Series or visit gartner.com/us/securityrisk for complete details. B Business T Technology S Strategic P Practical A Advanced F Foundational
11:45 a.m. Closing Keynote
12:15 p.m. Conference Ends
12 Register by April 29 and save $300. Visit gartner.com/us/securityrisk or call 1 866 405 2511. 13

13. Solution Showcase
Today’s leading solution providers and top innovators in the security, risk
management and business continuity management space will be on-site with their
most informed representatives, ready to answer your questions. Get the research,
ask your questions, streamline the vetting process, and leave with a shortlist you
can act on immediately.
Premier Sponsors as of March 11, 2011
Cisco security balances protection and power to deliver highly secure collaboration. With Cisco security,
customers can connect, communicate, and conduct business securely while protecting users, information,
applications, and the network. Cisco pervasive security can help minimize security and compliance IT risk,
reduce IT administrative burden, and lower TCO. Information about Cisco security can be found at
www.cisco.com/go/security
Google’s cloud computing solutions allow you to dramatically lower IT costs and increase productivity, security
and reliability. Google Apps is a 100% web suite of applications that includes Gmail, Google Calendar, Google
Docs and Spreadsheets, Google Sites, and more. Google Postini services help make email systems more
secure, compliant and reliable by blocking spam and malware before they reach your networks, by providing
encryption and archiving to help meet compliance requirements, and by offering email continuity.
Qualys, Inc. <http://www.qualys.com/> is the leading provider of on demand IT security risk and compliance
management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a
matter of hours anywhere in the world, providing an immediate, continuous view of security and compliance
postures. The QualysGuard® service is used today by more than 5,000 organizations in 85 countries, including
47 of the Fortune Global 100, and performs more than 500 million IP audits per year.
Symantec is a global leader in providing security, storage and systems management solutions to help our
customers – from consumers and small businesses to the largest global organizations – secure and manage
their information-driven world against more risks at more points, more completely and efficiently. Our software
and services protect completely, in ways that can be easily managed and with controls that can be enforced
automatically – enabling confidence wherever information is used or stored. www.symantec.com
Verizon Business, a unit of Verizon Communications, is a global leader in communications solutions. We
combine professional expertise with one of the world’s most connected IP networks to deliver award-winning
communications, IT, information security and network solutions. We securely connect today’s enterprises -
enabling them to increase productivity and efficiency. Many of the world’s largest businesses—including 96% of
the Fortune 1000—rely on our professional and managed services and network technologies.
Websense, Inc., a global leader in unified Web security, email security, and data loss prevention (DLP) solutions,
delivers the best content security for modern threats at the lowest total cost of ownership to tens of thousands
of organizations worldwide. Distributed through global channel partners and delivered as software, appliance and
Security-as-a-Service (SaaS), Websense helps organizations leverage Web 2.0 and cloud communication, while
protecting from advanced persistent threats, preventing confidential data loss and enforcing security policies.
Platinum Sponsors
AT&T Inc. is a global leader in communications, with operating subsidiaries providing services under the AT&T
brand. AT&T is a recognized leader in Business-related voice and data services, including global IP services,
hosting, applications, and managed services. In the United States, AT&T is a leader in Mobile voice and data, as
well as IP, Yellow Pages and advertising services, and provides Wi-Fi service in over 20,000 hotspots.
CIPHER is a global solution provider in Information Security. It is committed to delivering excellence and innovation
through Consulting, System Integration and Managed Security Services (MSS) provided by modern 24x7 Security
Operations Centres (SOC). CIPHER has over 10 years of experience, it is a highly accredited company including
ISO 20000 and ISO 27001 certification and a pioneer in obtaining PCI-QSA and PCI-ASV certificates.
Core Security enables organizations to get ahead of threats with security test and measurement solutions that
continuously identify and prove real-world exposures to their most critical assets. Our customers gain real visibility into
their security standing, real validation of their security controls, and real metrics for more effective information security.
Dell Inc. (NASDAQ: DELL) listens to customers and delivers worldwide innovative technology and business
solutions they trust and value. Recognized as an industry leader by top analysts, Dell SecureWorks provides
world-class information security services to help organizations of all sizes protect their IT assets, comply with
regulations and reduce security costs. www.dellsecureworks.com
As a world-leading information technology company, HP applies new thinking and ideas to create more simple,
valuable and trusted experiences with technology. Our focus is to continuously improve the way our customers
live and work through technology products and services, form the individual consumer to the largest enterprise.
More information can be found at www.hp.com
Through world-class solutions that address risk across the enterprise, IBM Security Solutions enable
organizations to build a strong security posture that helps reduce costs, improve service, manage risk,
and enable innovation. For more information on how to address today’s biggest risks please visit us at
ibm.com/security.
Intel is a world leader in computing innovation. The company designs and builds the essential technologies that
serve as the foundation for the world’s computing devices. Laptops with Intel® Anti-Theft Technology provide
you with intelligent security for lost or stolen laptops. Because the technology is built into the hardware, Intel
AT provides local protection that works even if a thief reimages the OS, changes the boot order, installs a new
hard-drive, or stays off the Internet. Additional information is available at http://anti-theft.intel.com.
McAfee is the world’s largest dedicated security technology company. McAfee relentlessly tackles the world’s
toughest security challenges. With nearly 350 patents, our award-winning research team and engineers develop
solutions that make businesses more powerful to protect their systems, networks, and data, while also helping
them optimize complex risk and compliance issues. At home, we help consumers secure every aspect of their
digital life—PC, mobile phone, and internet—with solutions that auto-update and are easy to install and use.

14. Platinum Sponsors
Oracle Corporation (NASDAQ: ORCL) is the world’s largest enterprise software company, providing database,
middleware, and collaboration products; enterprise business applications; application development tools; and
professional services for businesses and organizations worldwide. For more information, visit oracle.com.
Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented
visibility and granular policy control of applications and content—by user, not just IP address—at up to 10Gbps
with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls
the network security company
tm
accurately identify and control applications—regardless of port, protocol, evasive tactic or SSL encryption—and
scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0
and maintain complete visibility and control, while significantly reducing total cost of ownership through device
consolidation. For more information, visit www.paloaltonetworks.com.
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management
solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most
complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding
mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss
Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA
brings visibility and trust to millions of user identities, the transactions that they perform and the data that is
generated. For more information, please visit www.RSA.com and www.EMC.com.
Solutionary reduces the information security and compliance burden, delivering flexible managed security
services that align with client goals, enhancing organizations’ existing security program, infrastructure and
R E L EVA N T . I N T E L L I G E N T . S EC U R I T Y
personnel. The company’s services are based on experienced security professionals, actionable threat
intelligence and the ActiveGuard service platform that provide expert security and compliance management.
This client focus and dedication to customer service has enabled Solutionary to boast one of the highest client
retention rates in the industry.
Guided by its vision of Dynamic Security for the Global Network, SonicWALL develops advanced intelligent
network security and data protection solutions that adapt as organizations evolve and as threats evolve. Trusted
by small and large enterprises worldwide, SonicWALL solutions are designed to detect and control applications
and protect networks from intrusions and malware attacks through award-winning hardware, software and
virtual appliance-based solutions. For more information, visit http://www.sonicwall.com/.
Sourcefire, Inc. (Nasdaq:FIRE) is a world leader in intelligent cybersecurity solutions. Sourcefire is transforming
the way Global 2000 organizations and government agencies manage and minimize network security risks.
Sourcefire’s Next-Generation IPS™, Next-Generation Firewall™, virtual, and anti-virus/malware solutions equip
customers with an efficient and effective layered security defense - protecting network assets before, during
and after an attack. Today, the name Sourcefire has grown synonymous with innovation and cybersecurity
intelligence. For more information: http://www.sourcefire.com
Splunk is software used for monitoring, reporting and analyzing IT data. This data is generated by all
applications, systems and infrastructure - located on-premise or in the cloud. IT data is massive in scale,
unstructured and contains a definitive record of transactions, systems, applications and user activity. It’s also
largely unused, trapped in rigid, silo-based systems. Only Splunk lets you capture and analyze real-time and
historical IT data from one place, so you can unlock its value.
Trend Micro provides leading Internet content security solutions for businesses and consumers. We protect
against malware, spam, data leaks, and the newest Web threats designed to steal digital information. Our
unique solutions stop these threats where they first emerge - in the Internet - before they can attack corporate
networks and PCs. Founded in 1988, Trend Micro operates globally and protects hundreds of millions of users
in the office, at home and on the go.
Tripwire is a leading global provider of IT security and compliance automation solutions. Tripwire VIA™, the
comprehensive suite of industry-leading file integrity, policy compliance and log and event management
solutions, is the way organizations proactively achieve continuous compliance, mitigate risk, and ensure
operational control through Visibility, Intelligence and Automation.
Trustwave is the leading provider of on-demand and subscription-based information security and payment
card industry compliance management solutions to businesses and government entities throughout the world.
Trustwave has helped thousands of organizations-ranging from Fortune 500 businesses and large financial
institutions to small and medium-sized retailers-manage compliance and secure their network infrastructure,
data communications and critical information assets. Trustwave is headquartered in Chicago with offices
throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit
https://www.trustwave.com.
Silver Sponsors
21st Century Software Bradford Networks Hitachi ID Systems, Inc. Rapid7
3M BWise Identity Finder, LLC RioRey, Inc.
Absolute Software Centrify InDorse Technologies Rsam
AccessData Group Clearwell LogRhythm, Inc. SailPoint
Agiliance Inc. COOP Systems Lumension Smarsh, Inc
AirWatch Cyber-Ark Software M86 Security SunGard Availability
AlertEnterprise Inc. Cyveillance, Inc., A MENTIS Software Services
AlgoSec QinetiQ North America Solutions Tenable Network Security,
Company MetricStream Inc.
ArcSight an HP Company
Damballa Modulo Tufin Technologies
AuthenWare Corporation
Dataguise, Inc. nCircle Veracode, Inc.
Beta Systems Software
DeviceLock, Inc. nuBridges, Inc. Verdasys
BeyondTrust Software
Fischer International PricewaterhouseCoopers,
Bit9, Inc.
Identity LLP
Blue Coat Systems, Inc.
14 Register by April 29 and save $300.

15. Registration
3 easy ways to register
Web: gartner.com/us/securityrisk
E-mail: us.registration@eventreg.com
Phone: 1 866 405 2511
Don’t miss this year’s in-depth coverage
Early-bird
of security and wireless technologies, savings
security and the cloud, and sophisticated
Register by
new security threats. There’s no better April 29 and
way to update your IT security insights! save $300!
Special Gartner hotel room rate: $230
(plus tax and $15 resort fee) for single or double occupancy
Gaylord National Hotel and Convention Center
201 Waterfront Street
National Harbor, MD 20745
Phone: +1 301 965 4000
A limited block of rooms has been reserved for attendees at this rate until May 23,
2011. To obtain the group rate of $230, indicate that you are attending the Gartner
Security & Risk Management Summit when making your reservation.
Bring the team and save!
Team benefits include:
• Team meeting with a Gartner analyst (end users only)
• Optional team meeting(s) with select executives from vendor organizations
• Advice and support on building personalized agendas
• 10+ free multimedia sessions from Gartner Events on Demand
• Complimentary team lounge and meeting space
• Concierge service, pre-event and on-site
Team discounts on registration rates:
4 for the price of 3 For more information, e-mail
7 for the price of 5 us.teamsend@eventreg.com or contact
your Gartner account manager.
12 for the price of 8
Conference registration fee includes conference attendance,
documentation and planned functions.
Standard price: $2,150
Public-sector price: $1,750
Interested in becoming a Gartner client?
Phone: +1 203 316 1111
E-mail: client.info@gartner.com
Sponsorship Opportunities
Silas Mante John Forcino David Sorkin
Account Manager Account Manager Sr Account Manager
+1 203 316 3778 +1 203 316 6142 +1 203 316 3561
silas.mante@gartner.com john.forcino@gartner.com david.sorkin@gartner.com
Visit gartner.com/us/securityrisk or call 1 866 405 2511. 15

16. 56 Top Gallant Road
PO Box 10212 Presorted
Standard
Stamford, CT 06904-2212
U.S. Postage
PAID
Gartner
3 easy ways to register
Gartner Security & Risk Web: gartner.com/us/securityrisk
Management Summit 2011 E-mail: us.registration@eventreg.com
June 20 – 23 • National Harbor, MD (Washington, D.C. area)
Phone: 1 866 405 2511
gartner.com/us/securityrisk
Priority code:
Early-bird savings
Register by April 29 and save $300!
Nearly 50 security sessions covering privacy, mobility,
cloud, compliance, IAM, critical infrastructure, business
enablement and more
• Mobility, cloud and virtualization
• Consumerization and compliance
• Critical infrastructure
• Business enablement
• Privacy, IAM and more
© 2011 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates.
For more information, e-mail info@gartner.com or visit gartner.com. Produced by Marketing Communications